It is estimated that more than 50% of our national
legislation derives from decisions taken at EU level, with this
number increasing to 95% in certain areas. However, the delay
between the start of discussions at EU level and implementation of
the corresponding national legislation can take up to five years or
more.
This explains why industry is sometimes taken off guard when new
legislation comes into force and why new legislation does not
always reflect market reality.
For example, the EU is currently reviewing the
E-Privacy Directive, which sets out how
personal data can be stored and used in the context of
electronic communications.
The review process was kicked off by a public consultation,
which started in November 2005 with a call for stakeholders' input.
The proposals are expected to come out in July 2007, but the law
will probably not be implemented nationally until 2010.
For businesses, particularly small and medium-sized enterprises,
it is difficult to monitor and be engaged in such complex processes
for long periods, since many just struggle to look beyond the next
fiscal quarter. The bottom line is clear: companies will be
required to comply with the new laws, which will be costly and
time-consuming if they do not anticipate the required
adaptations.
But beware; the reverse scenario is also possible.
The Data Retention Directive was adopted
with such unprecedented speed (less than two years between the
initial proposal and implementation at national level) that now
we near the transposition date, many realise that crucial
details have not been fully thought through and insufficient
guidance has been given to member states. This has resulted in
confusion and frustration among industry and government.
With a number of imperative security initiatives up for debate
in the EU this coming year it is key for industry to stay in tune
with security policy developments, to share its expertise, concerns
and needs with policy makers and prepare itself and its customers
for changes ahead.
Equally, governments need to lend a listening ear to the voice
of the industry to ensure that their proposals and initiatives are
responsive to their real needs, are in synch with the market
reality and do not hamper competition and innovation.
● Marika Konings is director of European affairs at the
Cyber Security Industry Alliance. The CSIA will lead a
keynote panel on how to secure the latest
telecoms technologies at Infosecurity Europe
Infosecurity preview: Knowledge is power
>>
Infosecurity preview: Building blocks of trust
>>
Infosecurity preview: Mobilising single sign-on
>>
Infosecurity preview: When a year is a lifetime
>>
More
information on the show, including free entry >>
Infosecurity Europe keynote sessions
>>
Cyber Security Industry Alliance
website >>
David Lacey’s security blog >>The
latest ideas, best practices, and business issues associated with
managing security
Stuart King’s risk management blog
>>
Dealing with the operational challenges of information security and
risk management
Comment on this article:
computer.weekly@rbi.co.uk